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IN THE CLAIMS : 

Please amend the claims as follows: 

1. (currently amended) A method for delivering information from a trust information 
provider to a client for verification of a received certificate by said client, comprising 
the steps of: 

providing a trust information object (TIO) to said client, wherein for each of a 
plurality of trust entity certificates said TIO comprises: 1) a hash value of [[a]] said 
trust entity certificate, and 2) associated trust information indicating a level of trust 
for a trusted entity associated with said trust entity certificate, wherein the trusted 
entity comprises a certificate authority; and 

verifying a received certificate using at least a portion of said TIO. 

2. (currently amended) The method of Claim 1 , wherein said TIO further comprises 
any of : 

a tru o t o d e n tity ' s certificat e ; 

for each of said trust entity certificates, a trust vector of said tru s ted - entity's 
certificate including at least a portion of said trust information : 

a value indicating a number of signatures required for a next update; 
a date said TIO is created; and 

a digital signature of all data including said e o r ti f i c o t o trust entity certificates , 
said trust v e otor vectors , said number of signatures, and said timestamp , contained 
included in said TIO. 

3. (currently amended) The method of Claim 1 A wherein said hash va l ue is values 
are determined using any of MD5 and SHA-1. 

4. (previously presented) The method of Claim 1 , wherein said TIO conforms to the 
PKCS#7 standard. 

5. (currently amended) The method of Claim 1, further comprising the step of: 
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hard coding [[a]] said TIP d e ri ved from a cot of root c e rtificat e a ut hority (CA) 
certificates into said client's software. 

6. (original) The method of Claim 1, further comprising the step of: 

saving a copy of said TIO in a persistent memory during said client's build 

time. 

7. (withdrawn) A method for delivering certificates with associated trust information 
from a server to a client for verification of a received certificate by said client, 
comprising the steps of: 

associating a trust information object (TIO) with said client, said TIO 
comprising a hash value of a trust entity certificate and associated trust information 
indicating a level of trust for a trusted entity associated with said trust entity 
certificate; 

during an SSL handshake between said client and said server, said server 
sending a certificate chain that, optionally, contains a root certificate (RC) to said 
client; and 

said client validating said server certificate using said TIO. 

8. (withdrawn) The method of Claim 7, wherein said client hashes a server 
certificate and compares a resulting digest against a list of trusted entity certificate 
thumbprints obtained from said TIO. 

9. (withdrawn) The method of Claim 8, wherein if a thumbprint match is not found: 

said client retrieves an RC from a trusted server; 

said client performs certificate chain validation up to a root certificate authority 

(CA); 

once an entire certificate chain is validated, said client tries to validate said 
CA RC; 
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PAGE 3/21 1 RCVD AT 3/W2007 1 :44:34 PM [Eastern Standard Time] ' SVR:U$PTO£RM * DN1S:2738300 1 CSID:+1 7325309808 1 DURATION (mm-ss):06-06 



Mar-05-2007 01:37pm Frora-Mosar, Patterson * Sheridan, LLP - NJ +17325309808 T-848 P. 004/021 F-986 

PATENT 

Attorney Docket No/. LIBEQ034 (TVW/APP35US) 

Page 4 of 21 

wherein, if said RC is included in said certificate chain, said client hashes said 
RC and looks up said TIO in said client; 

wherein if a resulting hash value and a corresponding trust bit are found in 
said TIO, then said certificate chain is considered to be valid and session initiation 
proceeds. 

10. (withdrawn) The method of Claim 8, wherein if a thumbprint match is, said client 
checks a trust bit vector associated with said certificate to ensure that an 
authenticated server is trusted in the context of a session being established. 

1 1 . (withdrawn) The method of Claim 9, wherein if necessary trust capabilities are 
not set on a matched thumbprint, said client fails a session initiation handshake, 

12. (withdrawn) The method of Claim 7, wherein a hash value in said TIO is taken 
by hashing a valid certificate; and wherein said certificate is accepted by a validation 
mechanism, even when said client receives an expired root certificate. 

13. (withdrawn) The method of Claim 7, further comprising the step of: 

providing in said TIO a designated trust bit associated with a site certificate 
for identifying a site that is trusted to perform certain operations; 

wherein when said client executes a script it checks said certificate and 
associated trust information; and 

wherein if said trust bit indicates that a site identified by its certificate is 
trusted for an intended operation, then access permission is granted. 

14. (currently amended) A method for delivering information from a server to a 
client, comprising the steps of: 

embedding a trust information object (TIO) within said client, wherein for each 
of a plurality of trust entity certificates said TIO compri si ng comprises : 1) a hash 
value of [[a]] sajd trust entity certificate, and 2) associated trust information indicating 
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a level of trust for a trusted entity associated with said trust entity certificate, wherein 
the said trusted entity comprises a certificate authority; 

said client connecting to said server to determine whether a new TIO is 
available; and 

said server sending a new TIO to said client if ther e is a mor e r e c e nt TIO said 
new TIO is available . 

15. (previously presented) The method of Claim 14, further comprising the step of: 

sending a TIO including a signing certificate to said client, wherein trust 
information of said signing certificate indicates that said signing certificate can be 
trusted for signing said TIO. 

16. (currently amended) The method of Claim [[14]] 15, wherein said client fetches 
said TIO from a trusted server, said client ensuring that a root certificate that signed 
said signing certificate is contained in said TIO and is not revocable. 

17. (previously presented) The method of Claim 14, wherein said client verifies a 
digital signature of said TIO with a signing certificate along with a TIO sent to said 
client 

18. (original) The method of Claim 17, wherein multiple signatures are verified, 
depending on the number of signatures specified in said TIO; wherein said client 
hashes said signing certificates one by one; and wherein if proper results are found 
in said TIO and said certificates are trusted for signing said TIO, then said TIO 
proves that it was not tampered with. 

19. (original) The method of Claim 18, wherein said signing certificates exist in said 
TIO in said client before said TIO is signed. 

20. (previously presented) The method of Claim 14, wherein said TIO is delivered to 
said client via a broadcast channel; 
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wherein a provider delivers an initial TIO to said client that contains a signing 
certificate and associated trust information by either of including said signing 
certificate in said initial TIO saved in a client persistent memory, or by sending said 
initial TIO to said client through a secure channel before using said broadcast 
channel. 

21 . (original) The method of Claim 14, further comprising the step of: 

updating said TIO on a per session basis when said TIO is not persistently 

stored. 

22. (currently amended) An apparatus for receiving information from a server for 
verification of a received certificate, comprising: 

a client device for receiving a trust information object (TIO) associated with 
said client device, said client device comprising a memory for storing said TIO, 
wherein for each of a plurality of trust entity certificates said TIO comprises: 1) a 
hash value of [[a]] said trust entity certificate, and 2) associated trust information 
indicating a level of trust for a trusted entity associated with said trust entity 
certificate, wherein the said trusted entity comprises a certificate authority; 

wherein said client device is adapted for verifying a received certificate using 
at least a portion of said TIO. 

23. (Cancelled) 

24. (currently amended) The apparatus of Claim 22, wherein said TIO comprising 
any further comprises at least one of: 

for each of said trust entity certificates, a trust vector including at least a 
portion of said trust information; 

a value indicating a number of signatures required for a next update: 

a time stamp which indicates a date that said TIO is generated; 

a truct attribute that compris e s trust information a ss orted with an entity 
represented by its certificat e ; and 
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for each of said trust entity certificates, a thumb print comprising a hash of a 
public key embedded in [[a]] said certificate that represents [[a]] said trusted entity. 

25. (currently amended) An apparatus for receiving information from a trust 
information provider for verification of a received certificate, comprising: 

a client device for receiving a trust information object (TIO) associated with 
said client device, said client device comprising a memory for storing said TIO, 
wherein for each of a plurality of trust entity certificates said TIO includes: 1) a hash 
value of [[a]] said trust entity certificate, and 2) associated trust information indicating 
a level of trust for a trusted entity associated with said trust entity certificate, wherein 
the said trusted entity comprises a certificate authority; 

wherein said client device is adapted for verifying a received certificate using 
at least a portion of said TIO. 

26. (currently amended) The apparatus of Claim 25, wherein said TIO further 
comprises any of : 

a trust e d e ntity's c e rtificat e^ 

for each of said trust entity certificates, a trust vector of said trusted entity's 
c e rtificat e including at least a portion of said trust information ; 

a value indicating a number of signatures required for a next update; 
a date said TIO is created; and 

a digital signature of all data including said c e rtificat e trust entity certificates , 
said trust v e ctor vectors , said number of signatures and said timestamp , contained 
included in said TIO. 

27. (currently amended) The apparatus of Claim 25, wherein said hash valu e i s 
values are determined using any of MD5 and SHA-1 . 

28 . (previously presented) The apparatus of Claim 25, wherein said TIO conforms 
to the PKCS#7 standard. 
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29. (previously presented) The apparatus of Claim 25, wherein said TIO comprises 
a TIO derived from a set of root certificate authority (CA) certificates hard coded into 
software of said client device, 

30. (previously presented) The apparatus of Claim 25, wherein said TIO further 
comprises: 

a copy of said TIO saved in a persistent memory during said client device's 
build time. 

31. (withdrawn) An apparatus for delivering certificates with associated trust 
information from a server to a client for verification of a received certificate by said 
client,, comprising: 

a trust information object (TIO) associated with said client, said TIO 
comprising a hash value of a trust entity certificate and associated trust information 
indicating a level of trust for a trusted entity associated with said trust entity 
certificate; 

means for sending a certificate chain from said server that, optionally, 
contains a root certificate (RC) to said client during an SSL handshake between said 
client and said server; and 

means at said client for validating said server certificate using said TIO. 

32. (withdrawn) The apparatus of Claim 31, wherein said client hashes a server 
certificate and compares a resulting digest against a list of trusted entity certificate 
thumbprints obtained from said TIO. 

33. (withdrawn) The apparatus of Claim 32, wherein if a thumbprint match is not 
found: 

said client retrieves an RC from a trusted server; 

said client performs certificate chain validation up to a root certificate authority 

(CA); 

538792-1 
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once an entire certificate chain is validated, said client tries to validate said 
CA RC; 

wherein, if said RC is included in said certificate chain, said client hashes said 
RC and looks up said TIO in said client; 

wherein if a resuming hash value and a corresponding trust bit are found in 
said TIO, then said certificate chain is considered to be valid and session initiation 
proceeds. 

34. (withdrawn) The apparatus of Claim 32, wherein if a thumbprint match is, said 
client checks a trust bit vector associated with said certificate to ensure that an 
authenticated server is trusted in the context of a session being established. 

35. (withdrawn) The apparatus of Claim 34, wherein if necessary trust capabilities 
are not set on a matched thumbprint, said client fails a session initiation handshake. 

36. (withdrawn) The apparatus of Claim 31 , wherein a hash value in said TIO is 
taken by hashing a valid certificate; and wherein said certificate is accepted by a 
validation mechanism, even when said client receives an expired root certificate. 

37. (withdrawn) The apparatus of Claim 31 , further comprising: 

a designated trust bit in said TIO associated with a site certificate for 
identifying a site that is trusted to perform certain operations; 

wherein when said client executes a script it checks said certificate and 
associated trust information; and 

wherein if said trust bit indicates that a site identified by its certificate is 
trusted for an intended operation, then access permission is granted. 

38. (currently amended) An apparatus for delivering information from a server to a 
client, comprising: 

538792-1 
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a client device comprising a memory storing a trust information object (TIO) x 
wherein for each of a plurality of trust entity certificates said TIP compris i ng 
comprises : 1) a hash value of [[a]] said trust entity certificate, and 2) associated trust 
information indicating a level of trust for a trusted entity associated with said trust 
entity certificate, wherein the trusted entity comprises a certificate authority; 

wherein said client device connects to said server to determine whether a 
new TIO is available; and 

wherein said server sends a new TIO to said client if there is a more recent 

TIO. 

39. (previously presented) The apparatus of Claim 38, wherein a trusted server 
sends a TIO including a signing certificate to said client device, wherein trust 
information of said signing certificate indicates that said certificate can be trusted for 
signing said TIO. 

40. (previously presented) The apparatus of Claim 38, wherein said client device 
fetches said TIO from a trusted server, said client device ensuring that a root 
certificate that signed said signing certificate is contained in said TIO and is not 
revocable. 

41 . (previously presented) The apparatus of Claim 38, wherein said client device 
verifies a digital signature of said TIO with a signing certificate along with a TIO sent 
to said client device. 

42. (previously presented) The apparatus of Claim 41, wherein multiple signatures 
are verified, depending on the number of signatures specified in said TIO; wherein 
said client device hashes said signing certificates one by one; and wherein if proper 
results are found in said TIO and said certificates are trusted for signing said TIO, 
said client device utilizes said TIO. 
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43. (previously presented) The apparatus of Claim 42, wherein said signing 
certificates exist in said TIO in said client device before said TIO is signed. 

44. (previously presented) The apparatus of Claim 38, wherein said TIO is delivered 
to said client device via a broadcast channel; 

wherein a provider delivers a TIO to said client device that contains a signing 
certificate and associated trust information by either of including said signing 
certificate in an initial TIO saved in a client persistent memory, or by sending said 
TIO to said client through a secure channel before using said broadcast channel 

45. (previously presented) The apparatus of Claim 38, wherein said client device 
updates said TIO on a per session basis when said TIO is not persistently stored. 

46. (currently amended) A method for delivering information from a server to a client 
for verification of a received certificate by said client, comprising the steps of: 

receiving a trust information object (TIO) at said client, wherein for each of a 
plurality of trust entity certificates said TIO comprises: 1) a hash value of [[a]] said 
trust entity certificate, and 2) associated trust information indicating a level of trust 
for a trusted entity associated with said trust entity certificate, wherein the said 
trusted entity comprises a certificate authority; and 

verifying a received certificate using at least a portion of said TIO. 

47. (cancelled) 

48. (currently amended) The method of Claim 46, wherein said TIO comprising any 
further comprises at least one of: 

for each of said trust entity certificates, a trust vector including at least a 
portion of said trust information: 

a value indicating a number of signatures required for a next update: 
a time stamp which indicates a date that said TIO is generated; 
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a trust att ri bute) that comprises trust informat i on associat e d with an entity 
rep r e s ented by i ts c e rtificat e ; and 

for each of said trust entity certificates, a thumb print comprising a hash of a 
public key embedded in a certificate that represents a trusted entity. 

49. (currently amended) A method for delivering information from a trust information 
provider to a client for verification of a received certificate by said client, comprising 
the steps of: 

providing a trust information object (TIO) to said client, wherein for each of a 
plurality of trust entity certificates said TIO comprises: 1) a hash value of a public 
key embedded in a certificate that represents a trusted entity, and 2) trust 
information indicating a level of trust for the said trusted entity associated with said 
certificate, wherein the trusted entity comprises a certificate authority; and 

verifying a received certificate using at least a portion of said TIO. 
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